484 matches found
CVE-2016-1983
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header...
CVE-2016-1983
CVE-2016-1983 affects Privoxy; the vulnerability lies in the client_host function in parsers.c, where receiving an empty HTTP Host header can trigger a denial-of-service via an invalid read and crash. Affected versions are Privoxy prior to 3.0.24. Public advisories and updates (e.g., Debian DSA-3...
4images 1.7.11 File Inclusion
| Title : 4images 1.7.11 Multi Vulnerability | Author : indoushka | email : [email protected] | Dork : Powered by 4images 1.7.11 | Tested on: windows 8.1 Français V.Pro | Download : http://www.4homepages.de/ ======================================= Host Header Attack : Vulnerability...
codeigniter -- multiple vulnerabilities
The CodeIgniter changelog reports: Security: Added HTTP "Host" header character validation to prevent cache poisoning attacks when base_url auto-detection is used. Security: Added FSCommand and seekSegmentTime to the "evil attributes" list in CI_Security::xss_clean()...
yxcms host header attack: obtaining a user's password-reset token
Brief description: An example from the drops documents. Uses the HTTP Host header attack technique. Requires user interaction. Detailed description: For the underlying principle, see: http://drops.wooyun.org/papers/1383 else $setmes=in$POST'backname'; ifempty$setmes $this-error'填写信息不全'; switch $POST'type' case 'acc': if!Check::userName$setmes $this-error'非法账户名'; $info=model'members'-find"account='$setmes'",'email'; ifempty$inf...
ALCASAR index.php Crafted HTTP host Header Vulnerability
Added: 09/16/2014 BID: 69662 OSVDB: 111026 Background ALCASAR is a free Network Access Controller that allows network managers to restrict Internet service access to authenticated users. ALCASAR allows control and logging of all network activity by users and/or defined user groups. Problem ALCASA...
CVE-2014-5464
Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header...
CVE-2014-5464
CVE-2014-5464 describes an XSS vulnerability in the ntopng/ndpi stack where the HTTP Host header is not sanitized in the web frontend. The issue occurs in ntopng (aka ntop) before version 1.2.1, due to untrusted Host header data being injected into the UI, enabling remote attackers to inject arbi...
CVE-2014-5464
Removed by vendor...
ntopng 1.2.0 - XSS Injection
No description provided by source. ntopng 1.2.0 XSS injection using monitored network traffic ntopng is the next generation version of the original ntop, a network traffic probe and monitor that shows the network usage, similar to what the popular top Unix command does. The web-based frontend of...
Denial of service with a malicious HTTP Host header
More info at https://symfony.com/cve-2014-5244...
ntopng 1.2.0 - Cross-Site Scripting Injection
ntopng 1.2.0 - Cross-Site Scripting Injection ntopng 1.2.0 XSS injection using monitored network traffic ntopng is the next generation version of the original ntop, a network traffic probe and monitor that shows the network usage, similar to what the popular top Unix command does. The web-based...
ntopng 1.2.0 XSS injection using monitored network traffic
ntopng 1.2.0 XSS injection using monitored network traffic ntopng is the next generation version of the original ntop, a network traffic probe and monitor that shows the network usage, similar to what the popular top Unix command does. The web-based frontend of the software is vulnerable to...
ntopng 1.2.0 - Cross-Site Scripting Injection
ntopng 1.2.0 XSS injection using monitored network traffic ntopng is the next generation version of the original ntop, a network traffic probe and monitor that shows the network usage, similar to what the popular top Unix command does. The web-based frontend of the software is vulnerable to...